feat(repl): add --unsafe-ignore-certificate-errors flag (#13045)

author: VishnuJin <45007338+VishnuJin@users.noreply.github.com> 2021-12-10 20:17:55 +0530
committer: GitHub <noreply@github.com> 2021-12-10 15:47:55 +0100
commit: 2bdb528eb89bae468b802a65338001ac95f8f563 (patch)
tree: 1b4c5e6ca45e8a321e0da1c3756bd8b79ef1178c
parent: 0f0dd5b7ec2a7ac95e1b36c866f73b85e4fb4879 (diff)
1 files changed, 91 insertions, 22 deletions
diff --git a/cli/flags.rs b/cli/flags.rs
index 31180a47e..a879be299 100644
--- a/cli/flags.rs
+++ b/cli/flags.rs
@@ -1171,6 +1171,7 @@ fn repl_subcommand<'a, 'b>() -> App<'a, 'b> {
         .takes_value(true)
         .value_name("code"),
     )
+    .arg(unsafely_ignore_ceritifcate_errors_arg())
 }
 
 fn run_subcommand<'a, 'b>() -> App<'a, 'b> {
@@ -1426,17 +1427,7 @@ fn permission_args<'a, 'b>(app: App<'a, 'b>) -> App<'a, 'b> {
         .help("Allow network access")
         .validator(crate::flags_allow_net::validator),
     )
-    .arg(
-      Arg::with_name("unsafely-ignore-certificate-errors")
-        .long("unsafely-ignore-certificate-errors")
-        .min_values(0)
-        .takes_value(true)
-        .use_delimiter(true)
-        .require_equals(true)
-        .value_name("HOSTNAMES")
-        .help("DANGER: Disables verification of TLS certificates")
-        .validator(crate::flags_allow_net::validator),
-    )
+    .arg(unsafely_ignore_ceritifcate_errors_arg())
     .arg(
       Arg::with_name("allow-env")
         .long("allow-env")
@@ -1728,6 +1719,18 @@ fn no_remote_arg<'a, 'b>() -> Arg<'a, 'b> {
     .help("Do not resolve remote modules")
 }
 
+fn unsafely_ignore_ceritifcate_errors_arg<'a, 'b>() -> Arg<'a, 'b> {
+  Arg::with_name("unsafely-ignore-certificate-errors")
+    .long("unsafely-ignore-certificate-errors")
+    .min_values(0)
+    .takes_value(true)
+    .use_delimiter(true)
+    .require_equals(true)
+    .value_name("HOSTNAMES")
+    .help("DANGER: Disables verification of TLS certificates")
+    .validator(crate::flags_allow_net::validator)
+}
+
 fn bundle_parse(flags: &mut Flags, matches: &clap::ArgMatches) {
   compile_args_parse(flags, matches);
 
@@ -2029,6 +2032,7 @@ fn lint_parse(flags: &mut Flags, matches: &clap::ArgMatches) {
 
 fn repl_parse(flags: &mut Flags, matches: &clap::ArgMatches) {
   runtime_args_parse(flags, matches, false, true);
+  unsafely_ignore_ceritifcate_errors_parse(flags, matches);
   flags.repl = true;
   flags.subcommand = DenoSubcommand::Repl(ReplFlags {
     eval: matches.value_of("eval").map(ToOwned::to_owned),
@@ -2184,6 +2188,7 @@ fn compile_args_parse(flags: &mut Flags, matches: &clap::ArgMatches) {
 }
 
 fn permission_args_parse(flags: &mut Flags, matches: &clap::ArgMatches) {
+  unsafely_ignore_ceritifcate_errors_parse(flags, matches);
   if let Some(read_wl) = matches.values_of("allow-read") {
     let read_allowlist: Vec<PathBuf> = read_wl.map(PathBuf::from).collect();
     flags.allow_read = Some(read_allowlist);
@@ -2201,13 +2206,6 @@ fn permission_args_parse(flags: &mut Flags, matches: &clap::ArgMatches) {
     flags.allow_net = Some(net_allowlist);
   }
 
-  if let Some(ic_wl) = matches.values_of("unsafely-ignore-certificate-errors") {
-    let ic_allowlist: Vec<String> =
-      crate::flags_allow_net::parse(ic_wl.map(ToString::to_string).collect())
-        .unwrap();
-    flags.unsafely_ignore_certificate_errors = Some(ic_allowlist);
-  }
-
   if let Some(env_wl) = matches.values_of("allow-env") {
     let env_allowlist: Vec<String> = env_wl
       .map(|env: &str| {
@@ -2250,7 +2248,17 @@ fn permission_args_parse(flags: &mut Flags, matches: &clap::ArgMatches) {
     flags.prompt = true;
   }
 }
-
+fn unsafely_ignore_ceritifcate_errors_parse(
+  flags: &mut Flags,
+  matches: &clap::ArgMatches,
+) {
+  if let Some(ic_wl) = matches.values_of("unsafely-ignore-certificate-errors") {
+    let ic_allowlist: Vec<String> =
+      crate::flags_allow_net::parse(ic_wl.map(ToString::to_string).collect())
+        .unwrap();
+    flags.unsafely_ignore_certificate_errors = Some(ic_allowlist);
+  }
+}
 fn runtime_args_parse(
   flags: &mut Flags,
   matches: &clap::ArgMatches,
@@ -3242,7 +3250,7 @@ mod tests {
   #[test]
   fn repl_with_flags() {
     #[rustfmt::skip]
-    let r = flags_from_vec(svec!["deno", "repl", "--import-map", "import_map.json", "--no-remote", "--config", "tsconfig.json", "--no-check", "--reload", "--lock", "lock.json", "--lock-write", "--cert", "example.crt", "--cached-only", "--location", "https:foo", "--v8-flags=--help", "--seed", "1", "--inspect=127.0.0.1:9229"]);
+    let r = flags_from_vec(svec!["deno", "repl", "--import-map", "import_map.json", "--no-remote", "--config", "tsconfig.json", "--no-check", "--reload", "--lock", "lock.json", "--lock-write", "--cert", "example.crt", "--cached-only", "--location", "https:foo", "--v8-flags=--help", "--seed", "1", "--inspect=127.0.0.1:9229", "--unsafely-ignore-certificate-errors"]);
     assert_eq!(
       r.unwrap(),
       Flags {
@@ -3268,6 +3276,7 @@ mod tests {
         allow_write: Some(vec![]),
         allow_ffi: Some(vec![]),
         allow_hrtime: true,
+        unsafely_ignore_certificate_errors: Some(vec![]),
         ..Flags::default()
       }
     );
@@ -3891,7 +3900,36 @@ mod tests {
   }
 
   #[test]
-  fn unsafely_ignore_certificate_errors() {
+  fn repl_with_unsafely_ignore_certificate_errors() {
+    let r = flags_from_vec(svec![
+      "deno",
+      "repl",
+      "--eval",
+      "console.log('hello');",
+      "--unsafely-ignore-certificate-errors"
+    ]);
+    assert_eq!(
+      r.unwrap(),
+      Flags {
+        repl: true,
+        subcommand: DenoSubcommand::Repl(ReplFlags {
+          eval: Some("console.log('hello');".to_string()),
+        }),
+        unsafely_ignore_certificate_errors: Some(vec![]),
+        allow_net: Some(vec![]),
+        allow_env: Some(vec![]),
+        allow_run: Some(vec![]),
+        allow_read: Some(vec![]),
+        allow_write: Some(vec![]),
+        allow_ffi: Some(vec![]),
+        allow_hrtime: true,
+        ..Flags::default()
+      }
+    );
+  }
+
+  #[test]
+  fn run_with_unsafely_ignore_certificate_errors() {
     let r = flags_from_vec(svec![
       "deno",
       "run",
@@ -3911,7 +3949,7 @@ mod tests {
   }
 
   #[test]
-  fn unsafely_treat_insecure_origin_as_secure_with_ipv6_address() {
+  fn run_with_unsafely_treat_insecure_origin_as_secure_with_ipv6_address() {
     let r = flags_from_vec(svec![
       "deno",
       "run",
@@ -3938,6 +3976,37 @@ mod tests {
   }
 
   #[test]
+  fn repl_with_unsafely_treat_insecure_origin_as_secure_with_ipv6_address() {
+    let r = flags_from_vec(svec![
+      "deno",
+      "repl",
+      "--unsafely-ignore-certificate-errors=deno.land,localhost,::,127.0.0.1,[::1],1.2.3.4"]);
+    assert_eq!(
+      r.unwrap(),
+      Flags {
+        repl: true,
+        subcommand: DenoSubcommand::Repl(ReplFlags { eval: None }),
+        unsafely_ignore_certificate_errors: Some(svec![
+          "deno.land",
+          "localhost",
+          "::",
+          "127.0.0.1",
+          "[::1]",
+          "1.2.3.4"
+        ]),
+        allow_net: Some(vec![]),
+        allow_env: Some(vec![]),
+        allow_run: Some(vec![]),
+        allow_read: Some(vec![]),
+        allow_write: Some(vec![]),
+        allow_ffi: Some(vec![]),
+        allow_hrtime: true,
+        ..Flags::default()
+      }
+    );
+  }
+
+  #[test]
   fn no_remote() {
     let r = flags_from_vec(svec!["deno", "run", "--no-remote", "script.ts"]);
     assert_eq!(
author	VishnuJin <45007338+VishnuJin@users.noreply.github.com>	2021-12-10 20:17:55 +0530
committer	GitHub <noreply@github.com>	2021-12-10 15:47:55 +0100
commit	2bdb528eb89bae468b802a65338001ac95f8f563 (patch)
tree	1b4c5e6ca45e8a321e0da1c3756bd8b79ef1178c
parent	0f0dd5b7ec2a7ac95e1b36c866f73b85e4fb4879 (diff)